Fixed code for ASN1_ITEM template pointer retrieval for X509 objects …

…to work across OpenSSL versions.
openca · Aug 17, 2023 · 8193154 · 8193154
1 parent 41553d8
commit 8193154
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 48 deletions.
diff --git a/src/pki_x509.c b/src/pki_x509.c
@@ -41,79 +41,90 @@ const ASN1_ITEM * _get_ossl_item(PKI_DATATYPE type) {
 	switch (type) {
 
 		case PKI_DATATYPE_X509_CERT : {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-	        it = (ASN1_ITEM *) X509_CINF_it;
-#else
-			it = &X509_CINF_it;
-#endif
+			it = ASN1_ITEM_rptr(X509_CINF);
+// #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+// 	        it = (ASN1_ITEM *) X509_CINF_it;
+// #else
+// 			it = &X509_CINF_it;
+// #endif
 		} break;
 
 		case PKI_DATATYPE_X509_CRL : {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-			it = (ASN1_ITEM *) X509_CRL_INFO_it;
-#else
-			it = &X509_CRL_INFO_it;
-#endif
+			it = ASN1_ITEM_rptr(X509_CRL_INFO);
+
+// #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+// 			// it = (ASN1_ITEM *)X509_CRL_INFO_it;
+// #else
+// 			// it = &X509_CRL_INFO_it;
+// 			it = ASN1_ITEM_rptr(X509_CRL_INFO);
+// #endif
 		} break;
 
 		case PKI_DATATYPE_X509_REQ : {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-			it = (ASN1_ITEM *) X509_REQ_INFO_it;
-#else
-			it = &X509_REQ_INFO_it;
-#endif
+			it = ASN1_ITEM_rptr(X509_REQ_INFO);
+// #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+// 			it = (ASN1_ITEM *) X509_REQ_INFO_it;
+// #else
+// 			it = &X509_REQ_INFO_it;
+// #endif
 		} break;
 
 		case PKI_DATATYPE_X509_OCSP_REQ : {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-			it = (ASN1_ITEM *) OCSP_REQINFO_it;
-#else
-			it = &OCSP_REQINFO_it;
-#endif
+			it = ASN1_ITEM_rptr(OCSP_REQINFO);
+// #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+// 			it = (ASN1_ITEM *) OCSP_REQINFO_it;
+// #else
+// 			it = &OCSP_REQINFO_it;
+// #endif
 		} break;
 
 		case PKI_DATATYPE_X509_OCSP_RESP : {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-			it = (ASN1_ITEM *) OCSP_RESPDATA_it;
-#else
-			it = &OCSP_RESPDATA_it;
-#endif
+			it = ASN1_ITEM_rptr(OCSP_RESPDATA);
+// #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+// 			it = (ASN1_ITEM *) OCSP_RESPDATA_it;
+// #else
+// 			it = &OCSP_RESPDATA_it;
+// #endif
 		} break;
 
 		case PKI_DATATYPE_X509_PRQP_REQ : {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-			it = (ASN1_ITEM *) PKI_PRQP_REQ_it;
-#else
-			it = &PKI_PRQP_REQ_it;
-#endif
+			it = ASN1_ITEM_rptr(PKI_PRQP_REQ);
+// #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+// 			it = (ASN1_ITEM *) PKI_PRQP_REQ_it;
+// #else
+// 			it = &PKI_PRQP_REQ_it;
+// #endif
 		} break;
 
 		case PKI_DATATYPE_X509_PRQP_RESP : {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-			it = (ASN1_ITEM *) PKI_PRQP_RESP_it;
-#else
-			it = &PKI_PRQP_RESP_it;
-#endif
+			it = ASN1_ITEM_rptr(PKI_PRQP_RESP);
+// #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+// 			it = (ASN1_ITEM *) PKI_PRQP_RESP_it;
+// #else
+// 			it = &PKI_PRQP_RESP_it;
+// #endif
 		} break;
 
 		case PKI_DATATYPE_X509_CMS : {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-			it = (ASN1_ITEM *) CMS_ContentInfo_it;
-#else
-			it = &CMS_ContentInfo_it;
-#endif
+			it = ASN1_ITEM_rptr(CMS_ContentInfo);
+// #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+// 			it = (ASN1_ITEM *) CMS_ContentInfo_it;
+// #else
+// 			it = &CMS_ContentInfo_it;
+// #endif
 		}
 
 		case PKI_DATATYPE_X509_KEYPAIR: {
 			it = NULL;
 		} break;
 
 		case PKI_DATATYPE_X509_EXTENSION: {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-			it = (ASN1_ITEM *) X509_EXTENSION_it;
-#else
-			it = &X509_EXTENSION_it;
-#endif
+			it = ASN1_ITEM_rptr(X509_EXTENSION);
+// #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+// 			it = (ASN1_ITEM *) X509_EXTENSION_it;
+// #else
+// 			it = &X509_EXTENSION_it;
+// #endif
 		} break;
 
 		default: {

diff --git a/src/tests/6_token_digest_crl_sign.c b/src/tests/6_token_digest_crl_sign.c
@@ -71,7 +71,6 @@ int subtest1() {
 	// PKI_OID *oid = NULL;
 
 	PKI_X509_CRL *crl = NULL;
-	PKI_X509_CRL_ENTRY *entry = NULL;
 	PKI_X509_CRL_ENTRY_STACK *sk = NULL;
 
 	if ((tk = PKI_TOKEN_new_null()) == NULL ) {
@@ -113,7 +112,16 @@ int subtest1() {
 	// 		return(0);
 	// }
 
+	PKI_DEBUG("Generating a new stack of entries");
+	sk = PKI_STACK_X509_CRL_ENTRY_new();
+	if (!sk) {
+		PKI_log_err("ERROR!\n");
+		return 0;
+	}
+	PKI_DEBUG("Stack of entries generated successfuly");
+
 	PKI_DEBUG("Generating a new CRL ENTRY");
+	PKI_X509_CRL_ENTRY *entry = NULL;
 	if((entry = PKI_X509_CRL_ENTRY_new_serial("12345678", 
 											  CRL_REASON_KEY_COMPROMISE,
 											  NULL,
@@ -123,11 +131,10 @@ int subtest1() {
 		return 0;
 	}
 	PKI_DEBUG("CRL ENTRY Generated Successfuly");
-
-	sk = PKI_STACK_X509_CRL_ENTRY_new();
 	PKI_STACK_X509_CRL_ENTRY_push( sk, entry );
 
 	PKI_DEBUG("Generating new CRL");
+
 	if((crl = PKI_TOKEN_issue_crl (tk, 
 								   "3", 
 								   0,
@@ -138,6 +145,7 @@ int subtest1() {
 		PKI_log_err("ERROR, can not generate new CRL!\n");
 		return 0;
 	}
+
 	PKI_DEBUG("CRL Generated Successfuly");
 
 	if( tk ) PKI_TOKEN_free ( tk );